From Code to Cloud: Breaking Down Advanced Software Supply Chain Red Teaming Techniques | A Conversation with Paul McCarty | Redefining CyberSecurity with Sean Martin episode artwork

EPISODE · Apr 23, 2024 · 50 MIN

From Code to Cloud: Breaking Down Advanced Software Supply Chain Red Teaming Techniques | A Conversation with Paul McCarty | Redefining CyberSecurity with Sean Martin

from Redefining CyberSecurity · host Sean Martin, ITSPmagazine, Paul McCarty

Guest: Paul McCarty, Software Supply Chain Red Team, GitLab [@gitlab]On LinkedIn | https://www.linkedin.com/in/mccartypaul/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining Cybersecurity Podcast, host Sean Martin engages in a detailed discussion with Paul McCarty on the intricate web of software supply chain security. McCarty, formerly of SecureStack and now with GitLab, shares his panoramic view on the evolving complexity of application environments and the pivotal role they play in today's digital infrastructure. The conversation pivots around the increasingly multifaceted nature of the software supply chain, highlighted by McCarty's work on an open-source project aimed at mapping out these complexities visually.Throughout the episode, Martin and McCarty explore the notion of red teaming within the context of the software supply chain. McCarty elucidates the concept of red teaming as an essential exercise in identifying and addressing security vulnerabilities, emphasizing its transition from traditional methods to a more nuanced approach tailored to the software supply chain's intricate demands.A significant part of their discussion is dedicated to exploring the ten stages of the software supply chain, as identified by McCarty. This segment sheds light on the broad spectrum of components involved, from the developers and their tools to the deployment environments and the underpinning hardware. The dialogue also touches on critical aspects such as the role of containers across various stages and the potential security implications presented by third-party services and cloud components.The episode wraps up with insights into the shared responsibility model in cloud services, debunking misconceptions about security in the cloud. McCarty stresses the importance of recognizing the extensive attack surface introduced by widespread reliance on public cloud services and the need for a continuous red teaming approach to address these challenges effectively.Listeners are offered a comprehensive overview of the critical factors contributing to software supply chain security, emphasizing the need for a broader understanding and proactive measures to mitigate risks in this increasingly complex domain.Key Questions AddressedWhat does red teaming the software supply chain mean and why is it important?How has the complexity of software supply chains evolved, and what are the implications for cybersecurity?What role do containers play across different stages of the software supply chain, and how do they impact security?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources4 hour training at CrikeyCon March 23rd: https://crikeycon.com/workshops/All day training at Adelaide BSides May 16th: https://bsidesadelaide.com.au/agenda-trainingPresenting at BrisSEC: https://aisasecuritydays.com.au/brissec-programVisualizing the Software Supply Chain: https://github.com/SecureStackCo/visualizing-software-supply-chainVBP Framework: https://gitlab.com/pmccarty/vbpCrikeyCon - Workshop: Red Teaming the Software Supply Chain: https://crikeycon.com/workshops/#redteam___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Dive into the evolving landscape of software supply chain security with host Sean Martin and guest Paul McCarty, who unpack the complexities and the need for nuanced red teaming approaches in today's digital ecosystem. Explore their insights on the multi-layered aspects of application environments, the pivotal role of containers, and the crucial shared responsibility model in cloud services to navigate the intricate web of cybersecurity challenges.

NOW PLAYING

From Code to Cloud: Breaking Down Advanced Software Supply Chain Red Teaming Techniques | A Conversation with Paul McCarty | Redefining CyberSecurity with Sean Martin

0:00 50:19

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Darknet Discussions Darknet Discussions Welcome to "Darknet Discussions," the podcast that gets into the shadows of the internet to bring you the most intriguing, enlightening, and sometimes unsettling stories from the dark web. Hosted by seasoned darknet aficionados, each episode of "Darknet Discussions" explores the intricate dynamics of darknet markets, cybersecurity threats, and the digital underworld. Join us as we interview experts, discuss the latest trends in cybercrime, and shed light on the technologies that operate beneath the surface of everyday internet use. Also, we occasionally go off on a tangent about something completely unrelated. IT Trendsetters SynerComm During each episode, our team is joined by a relevant industry expert to gain insight into new IT trends and learn about important IT and cybersecurity concepts. Our goal is to give you the advice your need to safeguard your network and digital assets. The AI-Powered Lawyer River Braun Welcome to The AI-Powered Lawyer, where host River Braun takes you on a journey into the heart of the AI revolution in law. This isn't about traditional legal practice; it's about exploring cutting-edge technology that's transforming the way we work. Each episode dives into the tools, trends, and techniques redefining what it means to be a lawyer in the age of AI. Subscribe and join us as we redefine law...together! IT Jobs's Podcast IT Jobs Two Cisco CCIEs discussing topics related to getting and IT Job or hiring for an IT Job. Focus on both Network Engineering, Cloud, Development, and CyberSecurity and as much reality as can be brought.

Frequently Asked Questions

How long is this episode of Redefining CyberSecurity?

This episode is 50 minutes long.

When was this Redefining CyberSecurity episode published?

This episode was published on April 23, 2024.

What is this episode about?

Guest: Paul McCarty, Software Supply Chain Red Team, GitLab [@gitlab]On LinkedIn | https://www.linkedin.com/in/mccartypaul/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity...

Can I download this Redefining CyberSecurity episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!